[Koha] koha script wiki

Alvaro Cornejo cornejo.alvaro at gmail.com
Tue Nov 10 16:11:20 NZDT 2020


Hi

I do understand and share the concerns. However, the full code is there for
anyone to check out. We are not talking about packaged executables.

For example, in the case of scripts I loaded, they run "outside" koha code,
therefore it is barely difficult that they do expose any information to the
outside. Though, it is not impossible for someone to try to get info
through an external script.

As Eric pointed out, JS code is already being shared "unverified" on the
wiki and, in my opinion, is more dangerous since it does have "direct
access" to koha code and data.

Regards,

Alvaro



On Mon, Nov 9, 2020 at 19:27, Eric Phetteplace <ephetteplace at cca.edu>
wrote:

> I think that is a valid fear but just want to point out that JavaScript
> injected onto Koha's staff side could already
> transmit confidential information to a third party, yet there is a section
> for JS on the wiki.
>
> Best,
>
> ERIC PHETTEPLACE Systems Librarian, Libraries (he/him)
>
> ephetteplace at cca.edu | o 510.594.3660 (cca)
>
> 5212 Broadway | Oakland, CA | 94618
>
> CCA is situated on the traditional unceded lands of the Ohlone peoples.
>
> Black-owned bookstores in Oakland: Ashay by the Bay
> <https://ashaybythebay.com/>, Marcus Books
> <https://www.facebook.com/marcus.books/>
>
> :(){ :|: & };:
>
>
> On Mon, Nov 9, 2020 at 3:34 PM <dcook at prosentient.com.au> wrote:
>
> > I am concerned about adding backend scripts to the wiki. There's no
> > reliable way to ensure those scripts would be correct, and it would be
> > trivial for someone to inject malicious code into the scripts and have
> > unsuspecting users run things which could damage/compromise their backend
> > systems by copy/pasting and executing.
> >
> > I fear that people would see it on the wiki and take that as an
> > endorsement of those scripts.
> >
> > David Cook
> > Software Engineer
> > Prosentient Systems
> > 72/330 Wattle St
> > Ultimo, NSW 2007
> > Australia
> >
> > Office: 02 9212 0899
> > Online: 02 8005 0595
> >
> > -----Original Message-----
> > Date: Sun, 8 Nov 2020 08:15:40 +0000
> > From: "Renvoize, Martin" <martin.renvoize at ptfs-europe.com>
> > To: rogan.hamby at gmail.com
> > Cc: Koha <koha at lists.katipo.co.nz>
> > Subject: Re: [Koha] koha script wiki
> >
> > By all means feel free to add a page to the wiki...
> >
> > I do wonder, however, why don't you submit useful scripts to the project
> > via bugzilla instead..? That way they would benefit from the many eyes of
> > our signoff and quality assurance process, get documented as part of the
> > standard documentation processes and be more accessible to end users?
> >
> > Just some thoughts,
> >
> >
> >
> >
> > _______________________________________________
> >
> > Koha mailing list  http://koha-community.org
> > Koha at lists.katipo.co.nz
> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
> >

